Ulster University Logo

A Two-stage Flow-based Intrusion Detection Model ForNext-generation Networks

User, User Muhammad Fahad, Sher, Muhammad and Bi, Yaxin (2018) A Two-stage Flow-based Intrusion Detection Model ForNext-generation Networks. PLOS One, 13 (1). pp. 1-20. [Journal article]

[img] Text - Accepted Version
[img] Text - Supplemental Material
Restricted to Repository staff only


DOI: 10.1371/journal.pone.0180945


The next-generation network provides state-of-the-art access-independent services overconverged mobile and fixed networks. Security in the converged network environment isa major challenge. Traditional packet and protocol-based intrusion detection techniquescannot be used in next-generation networks due to slow throughput, low accuracy andtheir inability to inspect encrypted payload. An alternative solution for protection ofnext-generation networks is to use network flow records for detection of maliciousactivity in the network traffic. The network flow records are independent of accessnetworks and user applications. In this paper, we propose a two-stage flow-basedintrusion detection system for next-generation networks. The first stage uses anenhanced unsupervised one-class support vector machine which separates maliciousflows from normal network traffic. The second stage uses a self-organizing map whichautomatically groups malicious flows into different alert clusters. We validated theproposed approach on two flow-based datasets and obtained promising results.

Item Type:Journal article
Keywords:Network Security, Intrusion Detection, Network Traffic Flow
Faculties and Schools:Faculty of Computing & Engineering
Faculty of Computing & Engineering > School of Computing and Mathematics
Research Institutes and Groups:Computer Science Research Institute
Computer Science Research Institute > Artificial Intelligence and Applications
ID Code:39727
Deposited By: Dr Yaxin Bi
Deposited On:17 Apr 2018 14:24
Last Modified:17 Apr 2018 14:24

Repository Staff Only: item control page